• NobodyElse@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    31
    arrow-down
    1
    ·
    6 months ago

    With even email clients and web browsers running arbitrary and untrusted remote code on a regular basis, that model needs serious reconsideration.

    This xkcd shouldn’t still be insightful. https://xkcd.com/1200/

    • ChillPill@lemmy.world
      link
      fedilink
      English
      arrow-up
      9
      ·
      6 months ago

      Maybe its time to rethink desktop security. I realize that there is credential manager on windows, keychain on mac, and similar on gnu/linux; even with that it seems for a lot of services “all” you need to do is steal a cookie and all of a sudden you are someone else.

      • MeanEYE@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        3
        ·
        6 months ago

        Idea of using a web browser for a platform was dumb enough and the reason why none of the keys were stored in appropriate services.